Microsoft’s email service, Hotmail, is implementing tougher standards for user passwords to combat the increasing occurrence of email account hijackings.

The company said Hotmail users will no longer be allowed to use common, easily guessable passwords like “password,” “12345,” and “qwerty,” which are susceptible to “brute force” and “dictionary” attacks. They will also have to meet more stringent password requirements when creating a password. Users with passwords deemed too weak or common will be required to change them, the company said.
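
The kind of check the announcement describes, as an added illustration (not Microsoft's code, and not Hotmail's actual rules): a password is rejected if it, or a trivial variant of it such as “Password123!” or “P@ssw0rd”, appears on a common-password list, or if it fails basic composition rules. The blocklist is a constructed sample and the length/character-class thresholds are assumed values; the article gives no numbers.

```python
import re
from typing import List

# Constructed sample blocklist; a real deployment loads a large list of
# known-common or breached passwords rather than this handful.
COMMON_PASSWORDS = {
    "password", "123456", "12345", "qwerty", "letmein",
    "iloveyou", "abc123", "welcome", "monkey", "dragon",
}

# Undo common leetspeak substitutions so "P@ssw0rd" collapses to "password".
_UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                         "!": "i", "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 8    # assumed policy values; the article does not state Microsoft's
MIN_CLASSES = 3


def variants(pw: str) -> set:
    """Forms of pw compared against the blocklist: lowercase, lowercase with
    trailing digits/punctuation removed ("Password123!" -> "password"), and
    the leet-decoded versions of both."""
    lower = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", lower)
    return {lower, stripped, stripped.translate(_UNLEET), lower.translate(_UNLEET)}


def char_classes(pw: str) -> int:
    """Count how many of lower/upper/digit/other appear in pw."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(f(c) for c in pw) for f in checks)


def check_password(pw: str) -> List[str]:
    """Return the policy violations for pw; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if variants(pw) & COMMON_PASSWORDS:
        problems.append("matches a common password or a trivial variant of one")
    if char_classes(pw) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if len(set(pw)) <= 2:
        problems.append("too few distinct characters")
    return problems
```

Because the blocklist match is done on the normalised forms, appending a digit or swapping in “@” for “a” does not get a banned word past the check.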

Microsoft is also introducing a new feature to highlight account takeovers when they occur. Hotmail users can now report an account that appears to have been compromised if they receive suspicious emails from it. Suspicious mail can now be tagged with a “My friend’s been hacked!” category. That feature has been available for mail received from other Hotmail users, but has now been expanded to allow reporting of hacked accounts on other email services.

Accounts that have been marked as compromised will no longer be available to the spammer, and the account’s rightful owner will be put through an “account recovery flow” that will help them regain control of the account. If the compromised account belongs to a different email service, Hotmail will contact that service, which will take it from there. You can find the Windows Live announcement here.

Categories: Compliance, SMB Security, Vulnerabilities

Comments (4)

  1. Anonymous
    2

    More nannying, inconvenience, and/or confusion for the user… all because of a bunch of ne’er-do-wells.  My phone will now start ringing for another reason.  <sigh>

  2. Anonymous
    3

    I understand the need for this, but how about the death penalty for convicted spammers??  Instead of punishing and inconveniencing the users? 

  3. Dave
    4

    Agreed.  It’s needed.  But truthfully, I don’t know if it will help much; some, I’m sure.  I don’t pretend to know how to do this, but to me, it seems education of internet pitfalls needs to be clearer.  For example, I received an email from a guy a few days ago.  He just forwarded it on without clearing off the 74 email addresses in the body of the email.  Also, he addressed it to 32 people in the “To” section instead of using the Bcc section to hide the addresses.  I had discussed this issue with him before, explaining to him about spammers, botnets, etc.  Apparently, he didn’t get the message.  So this time, I sent it to every one of the email addresses in the body of the email and to the 32 addressees, all in the Bcc section.  Only his email address was in the To section.  Needless to say, he was not happy as I gather he caught hell from a few folks other than me.  And I also got a few retorts from some of the other folks.  I responded with, “Had I been a spammer or a botnet controller, you’d be in a lot worse shape.  So if you want to hammer someone, hammer the person who gave me your email address due to being inconsiderate by not taking the time to remove it.”  Not one of them has replied.

    How we get folks to comply with simple etiquette like that, I have no clue.  But you know as well as I do that spammers will continue to hammer anything they can get their hands on.  Maybe make getting an internet connection like getting a driver’s license where you have to take an exam and understand the pitfalls and how you can cause people undue hardships if you are inconsiderate and don’t remove email addresses from emails you forward.

    Just my 2 cents….

Comments are closed.